Date: Wed, 28 Dec 2005 09:59:47 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Imran Imtiaz <imran@darkstar.thelakecity.com.pk>
Cc: freebsd-questions@freebsd.org
Subject: Re: ftp nologin problem
Message-ID: <43B26213.5060504@infracaninophile.co.uk>
In-Reply-To: <200512280736.jBS7aLRH079056@darkstar.thelakecity.com.pk>
References: <200512280736.jBS7aLRH079056@darkstar.thelakecity.com.pk>

Imran Imtiaz wrote:
> I am running ProFTPD 1.2.10 on my bsd server but the problem is that if a user doesn't have a shell and I've defined his shell as nologin then the ftp server does not logon and gives the following error
>
> C:\Documents and Settings\Asif>ftp 192.168.0.3
> Connected to 192.168.0.3.
> 220 ProFTPD 1.2.10 Server (ProFTPD Default Installation) [192.168.0.3]
> User (192.168.0.3:(none)): db.backup
> 331 Password required for db.backup.
> Password:
> 530 Login incorrect.
> Login failed.
> ftp>
>
> tell me how can I correct this problem cause I don't want to give user a shell.

Yes -- in order for a user to log in successfully via FTP they need:

   * a user account
   * a valid shell (appears in /etc/shells)
   * not to be in the list of user accounts *denied* ftp access, confusingly kept in /etc/ftpusers

I suspect it's point 2 that you are running into here. However, do not just blindly add /sbin/nologin to /etc/shells -- any user account that gets created on your system solely for the purpose of owning files or processes will probably end up with nologin as its shell. Putting nologin into /etc/shells potentially creates a back door by which those accounts can be used with FTP.

Instead, take a copy of /sbin/nologin, call it /usr/local/bin/ftp-only and use that as the shell for all ftp users. Add that to /etc/shells and everything should work the way you want.

If you're trying to set up a highly secure mechanism for copying files over the net for backup, then I'd counsel against using FTP at all -- it's one of those archaic 'dawn of the internet' type protocols that does nasty things like transmitting passwords over networks in plain text. Two much better alternatives are:

   WebDav over HTTPS -- very easy to use from the Windows desktop via the 'map network location' feature. One gotcha is that if you're using a self signed cert on your webserver then you have to click on 'examine certificate' the first time you connect to the server, and then click on 'accept this certificate' or Windows will silently refuse to map the web location.

   rsync or scp over ssh. On the Windows side, you'll need an SSH client, like Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/). scp is built into Putty, but adding rsync capability will need you to do a bit more work. You'll need to install rsync (Ports: net/rsync) on your FreeBSD server, plus the Cygwin environment on your Windows machines (http://www.cygwin.com/).

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
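
The three login conditions listed in the message above, as an added example that is not part of the original e-mail: a POSIX shell function that reports which accounts would pass them for a given set of passwd, shells and ftpusers files, run once with ftp-only listed as a valid shell and once with nologin listed. The function name `ftp_eligible`, the sample accounts other than db.backup, and the 7-field passwd(5) layout are assumptions; `@group` entries in ftpusers are not handled.

```sh
#!/bin/sh
# Added example. Prints the accounts that pass the three checks from the
# message: an account exists, its shell is listed in the shells file, and
# the name is not in the ftpusers deny list.
# usage: ftp_eligible PASSWD_FILE SHELLS_FILE FTPUSERS_FILE
ftp_eligible() {
    awk -F: -v shells="$2" -v deny="$3" '
        BEGIN {
            # Load valid shells, ignoring comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[line] = 1
            }
            # Load denied names the same way (@group entries not handled).
            while ((getline line < deny) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") denied[line] = 1
            }
        }
        /^#/ || NF < 7 { next }          # assumes 7-field passwd(5) lines
        ($7 in ok) && !($1 in denied) { print $1 }
    ' "$1"
}

# Constructed sample data: www stands in for a service account whose shell
# is nologin; alice is a hypothetical interactive user.
d=$(mktemp -d)
cat > "$d/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
db.backup:*:1001:1001:Backup upload:/home/db.backup:/usr/local/bin/ftp-only
alice:*:1002:1002:Alice:/home/alice:/bin/sh
EOF
printf '%s\n' root > "$d/ftpusers"
printf '%s\n' /bin/sh /bin/csh /usr/local/bin/ftp-only > "$d/shells.ftp-only"
# The variant the message warns against: nologin itself listed as valid.
{ cat "$d/shells.ftp-only"; echo /sbin/nologin; } > "$d/shells.nologin"

echo "ftp-only in shells: $(ftp_eligible "$d/passwd" "$d/shells.ftp-only" "$d/ftpusers" | paste -sd' ' -)"
echo "nologin in shells:  $(ftp_eligible "$d/passwd" "$d/shells.nologin" "$d/ftpusers" | paste -sd' ' -)"
rm -rf "$d"
```

Pointed at the real /etc/passwd, /etc/shells and /etc/ftpusers, any service account in the output is one that FTP would accept a login for.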